Tofinosecurity.com uses cookies for analytics and functionality purposes.
To change your cookie settings or find out more, click here.
If you continue browsing our website or close this banner, you accept these cookies.

Search form

menu-bar

Application Notes

This application note contains a partial listing of the industries and applications where the Tofino Industrial Security Solution is deployed. If you do not see your application or control system listed, please feel free to contact us.

The Tofino Security Appliance is a self-contained microprocessor-based device that provides firewall, VPN, asset management, event logging and other security services in control and automation networks. Its functionality is determined by firmware stored in non-volatile memory inside the appliance.

As part of the ongoing development and enhancement of the product, Byres Security periodically releases firmware updates that may be installed in the appliance using the Tofino Central Management Platform (CMP) software.

Version 1.4 of the Tofino Industrial Security Solution introduced a new set of Tofino Loadable Security Modules (LSMs) that enable the creation of Virtual Private Network (VPN) connections in control networks. The Tofino VPN is designed specifically for use within an industrial environment, so it has some unique features tailored for use within SCADA and control systems:

The Tofino Central Management Platform (CMP) software provides visual drag-and-drop editors that permit the control systems engineer to create rules defining which devices on the control network are allowed to communicate with each other, and what protocols they are permitted to use. Another type of pre-defined rule, called Special Rules, allow the Tofino Security Appliance (SA) to implement more advanced filtering rules that cannot be expressed visually. This application note explores several special rules that implement traffic rate limiting.

There are many unusual protocols in the industrial world that require special handling to be allowed through a firewall. One such protocol is the Lantronix Discovery Protocol. This application note shows how to configure a set of firewall rules for the Tofino Firewall to allow the discovery request and reply traffic for the Lantronix line of serial/Ethernet converters.

As Distributed Control System (DCS) architectures integrate more IT-based technologies (such as Ethernet and Windows), it is important to implement a sound security strategy. This application note describes how Honeywell Process Solutions uses the Tofino Security Appliance (SA) to protect a system that is being migrated from an older TDC2000 DCS to modern Ethernet Experion™ PKS system.